The new Thunderspy attack highlights a handful of shortcomings in the security model of the Thunderbolt chip used in many PCs.
The goal for secure software isn’t to never have vulnerabilities, but to be able to find vulnerabilities as soon as possible so that they can be fixed. GitHub has expanded its code scanning capabilities to make it easier for developers to identify flaws in projects that are managed on its platform.
Cisco has patched a dangerous flaw in its Adaptive Security Appliance Software that could allow an attacker to bypass authentication when Kerberos is enabled.
The number of servers vulnerable to the CVE-2020-11651 SaltStack flaw has dropped considerably, but several thousand are still unpatched.
Over the past few days, the Cybersecurity and Infrastructure Security Agency has issued several alerts, warning about nation-state actors targeting healthcare and medical research organizations and outlining ways organizations should protect their remote workforce.
An attacker was able to access an undisclosed number of GoDaddy customers' hosting accounts using SSH connections.
Attackers are exploiting the CVE-2020-11651 flaw in SaltStack Salt to install coinmining scripts on exposed servers.
Four senators are planning to introduce the COVID-19 Data Protection Act to regulate the collection, use, and transfer of health and location data related to virus infections.
Akamai CSO Andy Ellis joins Dennis Fisher to talk about the security implications of moving thousands of employees worldwide to remote work.
There has been a sharp increase in scans for exposed RDP servers recently as attackers try to take advantage of the move to remote work.
A judge has approved the deal settling all claims related to Banner Health’s 2016 data breach, which includes stipulations for how the hospital operator must improve its information security.
Ransomware operators have begun using long-held positions inside corporate networks to deploy ransomware.
Kaspersky researchers discuss how a targeted campaign against Android users in Southeast Asia relied on spyware apps that snuck onto official app marketplaces such as Google Play.
The National Security Agency and the Australian Signals Directorate jointly issued a Cybersecurity Information Sheet with guidelines for enterprises on how to defend web servers from web shell exploits.
The creators of the Shade ransomware have released the decryption keys for infected systems.